Soumettre #698566: SGAI N1211DS NAS v1.0.915 Improper Authenticationinformation

TitreSGAI N1211DS NAS v1.0.915 Improper Authentication
DescriptionThe SGAI Space1 NAS (model N1211DS, firmware version v1.0.915) contains an unauthorized information disclosure vulnerability. This vulnerability is caused by lax authentication of the GET_FACTORY_INFO interface. It allows attackers to obtain sensitive information such as the remote target device's system password and Wi-Fi password in plaintext, enabling unauthorized remote attackers to log in to the remote target NAS device's backend management system.
La source⚠️ https://www.notion.so/2b16cf4e528a8000b30bd543247fa1bd
Utilisateur
 renguangyue (UID 92629)
Soumission20/11/2025 08:14 (il y a 5 mois)
Modérer06/12/2025 10:02 (16 days later)
StatutAccepté
Entrée VulDB334603 [SGAI Space1 NAS N1211DS jusqu’à 1.0.915 gsaiagent /cgi-bin/JSONAPI GET_FACTORY_INFO/GET_USER_INFO élévation de privilèges]
Points17

PrécédentAperçuSuivant

Want to stay up to date on a daily basis?

Enable the mail alert feature now!